ICSA-23-250-03 · Published 2023-09-07 · View on CISA ICS-CERT ↗

Socomec MOD3GP-SY-120K

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute malicious Javascript code, obtain sensitive information, or steal session cookies.

CVEs (7)

CVE-2023-38582 CVE-2023-39446 CVE-2023-41965 CVE-2023-41084 CVE-2023-40221 CVE-2023-39452 CVE-2023-38255

Remediations

Socomec reports that MODULYS GP (MOD3GP-SY-120K) is an End-of-Life product. Socomec recommends using MODULYS GP2 (M4-S-XXX) instead. MODULYS GP2 (M4-S-XXX) is not affected by the above vulnerabilities.

Affected Vendors

Socomec

Affected Products (1)

Socomec · MODULYS GP (MOD3GP-SY-120K) Web_firmware_v01.12.10

Affected Sectors

Multiple Sectors

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more